Namo and Haley Mills
The author selected Internet Archive to receive a donation as part of the Write for DOnations program.
Code quality is an approximation of how useful and maintainable a specific piece of code is. Quality code will make the task of maintaining and expanding your application easier. It helps ensure that fewer bugs are introduced when you make required changes in the future.
SonarQube is an open-source tool that assists in code quality analysis and reporting. It scans your source code looking for potential bugs, vulnerabilities, and maintainability issues, and then presents the results in a report which will allow you to identify potential issues in your application.
The SonarQube tool itself is made out of two parts: a scanner, which is an application that would be installed locally on the developer’s machine to do the code analysis, and a centralized server for record-keeping and reporting. A single SonarQube server instance can support multiple scanners, enabling you to centralize code quality reports from many developers in a single place.
In this guide, you will deploy a SonarQube server and scanner to analyze your code and create code quality reports. Then you’ll perform a test on your machine by scanning an example code with the SonarQube scanner.
Before you begin this guide you’ll need the following:
sonarqube.example.com
in this tutorial.You need to complete a few steps to prepare for the SonarQube installation. As SonarQube is a Java application that will run as a service, and because you don’t want to run services as the root user, you’ll create another system user specifically to run the SonarQube services. After that, you’ll create the installation directory and set its permissions, and then you’ll create a MySQL database and user for SonarQube.
First, create the sonarqube user:
- sudo adduser --system --no-create-home --group --disabled-login sonarqube
This user will only be used to run the SonarQube service, so this creates a system user that can’t log in to the server directly.
Next, create the directory to install SonarQube into:
- sudo mkdir /opt/sonarqube
SonarQube releases are packaged in a zipped format, so install the unzip
utility that will allow you to extract those files.
- sudo apt-get install unzip
Next, you will create a database and credentials that SonarQube will use. Log in to the MySQL server as the root user:
- sudo mysql -u root -p
Then create the SonarQube database:
- CREATE DATABASE sonarqube;
Now create the credentials that SonarQube will use to access the database.
- CREATE USER sonarqube@'localhost' IDENTIFIED BY 'some_secure_password';
Then grant permissions so that the newly created user can make changes to the SonarQube database:
- GRANT ALL ON sonarqube.* to sonarqube@'localhost';
Then apply the permission changes and exit the MySQL console:
- FLUSH PRIVILEGES;
- EXIT;
Now that you have the user and directory in place, you will download and install the SonarQube server.
Start by changing the current working directory to the SonarQube installation directory:
- cd /opt/sonarqube
Then, head over to the SonarQube downloads page and grab the download link for SonarQube 7.5 Community Edition. There are many versions and flavors of SonarQube available for download on the page, but in this specific tutorial we’ll be using SonarQube 7.5 Community Edition.
After getting the link, download the file:
- sudo wget https://binaries.sonarsource.com/Distribution/sonarqube/sonarqube-7.5.zip
Unzip the file:
- sudo unzip sonarqube-7.5.zip
Once the files extract, delete the downloaded zip file, as you no longer need it:
- sudo rm sonarqube-7.5.zip
Finally, update the permissions so that the sonarqube user will own these files, and be able to read and write files in this directory:
- sudo chown -R sonarqube:sonarqube /opt/sonarqube
Now that all the files are in place, we can move on to configuring the SonarQube server.
We’ll need to edit a few things in the SonarQube configuration file. Namely:
Start by opening the SonarQube configuration file:
- sudo nano sonarqube-7.5/conf/sonar.properties
First, change the username and password that SonarQube will use to access the database to the username and password you created for MySQL:
...
sonar.jdbc.username=sonarqube
sonar.jdbc.password=some_secure_password
...
Next, tell SonarQube to use MySQL as the database driver:
...
sonar.jdbc.url=jdbc:mysql://localhost:3306/sonarqube?useUnicode=true&characterEncoding=utf8&rewriteBatchedStatements=true&useConfigs=maxPerformance&useSSL=false
...
As this instance of SonarQube will be run as a dedicated server, we could add the -server
option to activate SonarQube’s server mode, which will help in maximizing performance.
Nginx will handle the communication between the SonarQube clients and your server, so you will tell SonarQube to only listen to the local address.
...
sonar.web.javaAdditionalOpts=-server
sonar.web.host=127.0.0.1
Once you have updated those values, save and close the file.
Next, you will use Systemd to configure SonarQube to run as a service so that it will start automatically upon a reboot.
Create the service file:
- sudo nano /etc/systemd/system/sonarqube.service
Add the following content to the file which specifies how the SonarQube service will start and stop:
[Unit]
Description=SonarQube service
After=syslog.target network.target
[Service]
Type=forking
ExecStart=/opt/sonarqube/sonarqube-7.5/bin/linux-x86-64/sonar.sh start
ExecStop=/opt/sonarqube/sonarqube-7.5/bin/linux-x86-64/sonar.sh stop
User=sonarqube
Group=sonarqube
Restart=always
[Install]
WantedBy=multi-user.target
You can learn more about systemd unit files in Understanding Systemd Units and Unit Files.
Close and save the file, then start the SonarQube service:
- sudo service sonarqube start
Check the status of the SonarQube service to ensure that it has started and is running as expected:
- service sonarqube status
If the service has successfully started, you’ll see a line that says “Active” similar to this:
● sonarqube.service - SonarQube service
Loaded: loaded (/etc/systemd/system/sonarqube.service; enabled; vendor preset
Active: active (running) since Sat 2019-01-05 19:00:00 UTC; 2s ago
Next, configure the SonarQube service to start automatically on boot:
- sudo systemctl enable sonarqube
At this point, the SonarQube server will take a few minutes to fully initialize. You can check if the server has started by querying the HTTP port:
- curl http://127.0.0.1:9000
Once the initialization process is complete, you can move on to the next step.
Now that we have the SonarQube server running, it’s time to configure Nginx, which will be the reverse proxy and HTTPS terminator for our SonarQube instance.
Start by creating a new Nginx configuration file for the site:
- sudo nano /etc/nginx/sites-enabled/sonarqube
Add this configuration so that Nginx will route incoming traffic to SonarQube:
server {
listen 80;
server_name sonarqube.example.com;
location / {
proxy_pass http://127.0.0.1:9000;
}
}
Save and close the file.
Next, make sure your configuration file has no syntax errors:
- sudo nginx -t
If you see errors, fix them and run sudo nginx -t
again. Once there are no errors, restart Nginx:
- sudo service nginx restart
For a quick test, you can now visit http://sonarqube.example.com
in your web browser. You’ll be greeted with the SonarQube web interface.
Now we’ll use Let’s Encrypt to create HTTPS certificates for our installation so that data will be securely transferred between the server and your local machine. Use certbot
to create the certificate for Nginx:
- sudo certbot --nginx -d sonarqube.example.com
If this is your first time requesting a Let’s Encrypt certificate, Certbot will prompt for your email address and EULA agreement. Enter your email and accept the EULA.
Certbot will then ask how you’d like to configure your security settings. Select the option to redirect all requests to HTTPS. This will ensure that all communication between clients and the SonarQube server gets encrypted.
Now that we’re done setting up the reverse proxy, we can move on to securing our SonarQube server.
SonarQube ships with a default administrator username and password of admin. This default password is not secure, so you’ll want to update it to something more secure as a good security practice.
Start by visiting the URL of your installation, and log in using the default credentials. If prompted to start a tutorial, simply click Skip this tutorial to get to the dashboard.
Once logged in, click the Administration tab, select Security from the drop-down list, and then select Users:
From here, click on the small cog on the right of the “Administrator” account row, then click on “Change password”. Be sure to change the password to something that’s easy to remember but hard to guess.
Now create a normal user that you can use to create projects and submit analysis results to your server from the same page. Click on the Create User button on the top-right of the page:
Then create a token for a specific user by clicking on the button in the “Tokens” column and giving this token a name. You’ll need this token later when you invoke the code scanner, so be sure to write it down in a safe place.
Finally, you may notice that the SonarQube instance is wide-open to the world, and anyone could view analysis results and your source code. This setting is highly insecure, so we’ll configure SonarQube to only allow logged-in users access to the dashboard. From the same Administration tab, click on Configuration, then General Settings, and then Security on the left pane. Flip the switch that says Force user authentication to enable authentication, then click on the Save button below the switch.
Now that you’re done setting up the server, let’s set up the SonarQube scanner.
SonarQube’s code scanner is a separate package that you can install on a different machine than the one running the SonarQube server, such as your local development workstation or a continuous delivery server. There are packages available for Windows, MacOS, and Linux which you can find at the SonarQube web site
In this tutorial, you’ll install the code scanner on the same server that hosts our SonarQube server.
Start by creating a directory for the scanner:
- sudo mkdir /opt/sonarscanner
Then change into that directory:
- cd /opt/sonarscanner
Download the SonarQube scanner for Linux using wget
:
- sudo wget https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-3.2.0.1227-linux.zip
Next, extract the scanner:
- sudo unzip sonar-scanner-cli-3.2.0.1227-linux.zip
Then delete the zip archive file:
- sudo rm sonar-scanner-cli-3.2.0.1227-linux.zip
After that, you’ll need to modify a few settings to get the scanner working with your server install. Open the configuration file for editing:
- sudo nano sonar-scanner-3.2.0.1227-linux/conf/sonar-scanner.properties
First, tell the scanner where it should submit the code analysis results. Un-comment the line starting with sonar.host.url
and set it to the URL of your SonarQube server:
sonar.host.url=https://sonarqube.example.com
Save and close the file. Now make the scanner binary executable:
- sudo chmod +x sonar-scanner-3.2.0.1227-linux/bin/sonar-scanner
Then create a symbolic link so that you can call the scanner without specifying the path:
- sudo ln -s /opt/sonarscanner/sonar-scanner-3.2.0.1227-linux/bin/sonar-scanner /usr/local/bin/sonar-scanner
Now that the scanner is set up, we’re ready to run our first code scan.
If you’d like to just poke around with SonarQube to see what it can do, you might consider running a test scan on the SonarQube example projects. These are example projects created by the SonarQube team that contains many issues that SonarQube will then detect and report.
Create a new working directory in your home directory, then change to the directory:
- cd ~
- mkdir sonar-test && cd sonar-test
Download the example project:
- wget https://github.com/SonarSource/sonar-scanning-examples/archive/master.zip
Unzip the project and delete the archive file:
- unzip master.zip
- rm master.zip
Next, switch to the example project directory:
- cd sonar-scanning-examples-master/sonarqube-scanner
Run the scanner, passing it the token you created earlier:
- sonar-scanner -D sonar.login=your_token_here
This will take a while. Once the scan is complete, you’ll see something like this on the console:
INFO: Task total time: 14.128 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 21.776s
INFO: Final Memory: 17M/130M
INFO: ------------------------------------------------------------------------
The example project’s report will now be on the SonarQube dashboard like so:
Now that you’ve confirmed that the SonarQube server and scanner works with the test code, you can use SonarQube to analyze your own code.
To have SonarQube analyze your own code, start by transferring your project to the server, or follow Step 6 to install and configure the SonarQube scanner on your workstation and configure it to point to your SonarQube server.
Then, in your project’s root directory, create a SonarQube configuration file:
- nano sonar-project.properties
You’ll use this file to tell SonarQube a few things about your project.
First, define a project key, which is a unique ID for the project. You can use anything you’d like, but this ID must be unique for your SonarQube instance:
# Unique ID for this project
sonar.projectKey=foobar:hello-world
...
Then, specify the project name and version so that SonarQube will display this information in the dashboard:
...
sonar.projectName=Hello World Project
sonar.projectVersion=1.0
...
Finally, tell SonarQube where to look for the code files. Note that this is relative to the directory in which the configuration file resides. Set it to the current directory:
# Path is relative to the sonar-project.properties file. Replace "\" by "/" on Windows.
sonar.sources=.
Close and save the file.
You’re ready to run a code quality analysis on your own code. Run sonar-scanner
again, passing it your token:
- sonar-scanner -D sonar.login=your_token_here
Once the scan is complete, you’ll see a summary screen similar to this:
INFO: Task total time: 5.417 s
INFO: ------------------------------------------------------------------------
INFO: EXECUTION SUCCESS
INFO: ------------------------------------------------------------------------
INFO: Total time: 9.659s
INFO: Final Memory: 39M/112M
INFO: ------------------------------------------------------------------------
The project’s code quality report will now be on the SonarQube dashboard.
In this tutorial, you’ve set up a SonarQube server and scanner for code quality analysis. Now you can make sure that your code is easily maintainable by simply running a scan — SonarQube will tell you where the potential problems might be!
From here, you might want to read the SonarQube Scanner documentation to learn how to run analysis on your local development machine or as part of your build process.
Thanks for learning with the DigitalOcean Community. Check out our offerings for compute, storage, networking, and managed databases.
This textbox defaults to using Markdown to format your answer.
You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!
Sign up for Infrastructure as a Newsletter.
Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.
Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.
I tried following your instructions and got as far as starting SonarQube. It fails when configured to use MySQL but works fine if the built-in (not recommended for production) H2 java database is used. The SonarQube site doesn’t recommend MySQL and instead recommends Postgresql. Sonarqube’s documentation assumes the end user is proficient with postgresql which is why Digital Ocean articles are so useful. Sadly this time not so.
ind769:/opt/sonarqube$ curl http://127.0.0.1:9000 curl: (7) Failed to connect to 127.0.0.1 port 9000: Connection refused
MySQL is not supported anymore by SonarQube. This tutorial is outdated…